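<%@ LANGUAGE="VBScript" %>
<%
OPTION EXPLICIT

' Insert the compact P3P header before assigning any cookies
response.expires = 0
response.addheader "P3P","CP=""NON STP DSP COR ADM CUR OUR CNT COM NAV STA"""

'*******************************************************************************
'*
'*  Name:       Contact Form
'*  Author:     Brian Hanifin
'*  Date Created: 01.04.2002
'*  Purpose:    Allow users to contact the company.
'*
'*  File:       /contact.asp
'*  Called By:  /contact.asp
'*
'*  ============================================================================
'*
'*  Modifications:
'*  (Date) (Author) - (Reason)
'*
'*******************************************************************************

' Declare the Library Components.
DIM objDatabase, objErrors, objForms, objIO, objString
SET objDatabase = GetObject("script:" & Application("LIBRARY_PATH") & "\SiteLab.Database.wsc")
SET objErrors   = GetObject("script:" & Application("LIBRARY_PATH") & "\SiteLab.Errors.wsc")
SET objForms    = GetObject("script:" & Application("LIBRARY_PATH") & "\SiteLab.Forms.wsc")
SET objIO       = GetObject("script:" & Application("LIBRARY_PATH") & "\SiteLab.IO.wsc")
SET objString   = GetObject("script:" & Application("LIBRARY_PATH") & "\SiteLab.String.wsc")

' Assign the DSN to the database object.
objDatabase.DSN = Application("BULLETIN_DSN")

' Using this value, instead of the global Application level value allows us to
' enable and disable error handling on a page by page basis.
DIM ERROR_HANDLING_ENABLED
ERROR_HANDLING_ENABLED = Application("ERROR_HANDLING_ENABLED")
' NOTE(review): the next assignment is live, so the Application-level setting is
' always overridden on this page. Initialize() therefore never turns on
' "On Error Resume Next", and a runtime error is reported by whatever error page
' the server is configured to show. Remark the line to honour the Application
' setting again.
ERROR_HANDLING_ENABLED = FALSE ' unremark to forcefully disable error handling on this page.

' Assign the SMTP server to the Error handler.
objErrors.SMTPSERVER = Application("SMTP_SERVER")

' Define the number of required fields on this form
CONST REQ_FIELDCOUNT = 4
CONST LOG_FILE = "..\..\database\contact.csv"

DIM objRS, objDB
DIM strSQL
DIM strName, strEmail, strSubject, strMessage
DIM strMessageBody, strContact, strContactEmail, strQueryString
DIM strError, strSpecialError
DIM i, j, intErrorCount
DIM bolSubmitted, bolCC
DIM arrError
REDIM arrError(REQ_FIELDCOUNT)

' Stores strMessage in the next slot of arrError and returns the new error count.
' Slots are filled from index 1 upwards; arrError is sized by REQ_FIELDCOUNT.
PUBLIC FUNCTION AddError(ByVal strMessage, ByVal intErrorCount)
	intErrorCount = intErrorCount + 1
	arrError(intErrorCount) = strMessage
	AddError = intErrorCount
END FUNCTION

' Runs txt through the SiteLab string helpers StripHTML and TextClean and returns
' the result. What those helpers remove is defined in SiteLab.String.wsc, which is
' not part of this file.
PRIVATE FUNCTION CleanText(ByVal txt)
	txt = objString.StripHTML(txt)
	txt = objString.TextClean(txt)
	'txt = objString.ScrubPersonName(txt)
	CleanText = txt
END FUNCTION

' Returns txt with every carriage return and line feed removed.
' A line break inside a value that ends up in a mail header (recipient, sender,
' CC, subject) starts a new header line, so such values must be single-line.
PRIVATE FUNCTION StripLineBreaks(ByVal txt)
	' "" & txt turns Empty/Null into a zero-length string so Replace cannot fail.
	txt = Replace("" & txt, vbCr, "")
	txt = Replace(txt, vbLf, "")
	StripLineBreaks = txt
END FUNCTION

' Returns TRUE only when value is a plain run of 1 to 9 decimal digits, i.e. a
' value that is safe to convert with CLng and place in a numeric SQL comparison.
PRIVATE FUNCTION IsRecordID(ByVal value)
	DIM objRE
	SET objRE = New RegExp
	objRE.Pattern = "^[0-9]{1,9}$"
	IsRecordID = objRE.Test("" & value)
	SET objRE = nothing
END FUNCTION

' Returns TRUE only when value can be used as the local part of an
' "@hanifin.net" address: letters, digits, dot, underscore and hyphen, starting
' with a letter or digit. Anything else (spaces, commas, "@", line breaks, ...)
' would let the request choose a different or additional recipient.
PRIVATE FUNCTION IsSafeLocalPart(ByVal value)
	DIM objRE
	SET objRE = New RegExp
	objRE.Pattern = "^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$"
	IsSafeLocalPart = objRE.Test("" & value)
	SET objRE = nothing
END FUNCTION

' Page markup is emitted between the two script delimiters below.
PUBLIC SUB DisplayContent()
%><%
END SUB

' Copies the request values into the page-level variables and cleans them.
' Note that "qs", "subject" and "cc" are read with Request(...), which searches
' the query string, the form and the cookies, while the other fields are read
' from the posted form only.
PUBLIC SUB FormToLocals()
	strQueryString = Request.QueryString
	if Request("qs") <> "" then strQueryString = Request("qs")

	strName    = Request.Form("name")
	strEmail   = Request.Form("email")
	strSubject = Request("subject")
	strMessage = Request.Form("message")

	' Clean values.
	strName    = objString.ScrubPersonName(strName)
	strSubject = CleanText(strSubject)
	strMessage = CleanText(strMessage)
	' Debug: response.write "strSubject = " & strSubject

	' Has the form been submitted?
	bolSubmitted = (Request.Form("submitted") <> "")

	' Did the sender request to be copied?
	bolCC = (Request("cc") <> "")
END SUB

' Builds one CSV record (without the timestamp) from the current message:
' recipient address, sender name, sender address, subject, message.
' NOTE(review): whether FormatCSV neutralises values that begin with = + - or @
' cannot be seen from this file; confirm before the log is opened in a
' spreadsheet, because the fields are visitor-supplied.
PUBLIC FUNCTION GetLogBody()
	DIM strLogBody
	strLogBody = objIO.FormatCSV(strContactEmail) & "," & _
	             objIO.FormatCSV(strName) & "," & _
	             objIO.FormatCSV(strEmail) & "," & _
	             objIO.FormatCSV(strSubject) & "," & _
	             objIO.FormatCSV(strMessage)
	' Debug: response.write strLogBody
	' Debug: response.end
	GetLogBody = strLogBody
END FUNCTION

' Decides who receives the message and sets strContact / strContactEmail.
' Order of precedence: a bare name in the query string (or "qs"), then a bulletin
' message id ("mid"), then a guestbook entry id ("gid"); otherwise the default.
PUBLIC SUB GetRecipient()
	' If no info is specified, then the Email should be directed to me.
	strContactEmail = "brian@hanifin.net"
	strContact      = "Brian Hanifin"

	' Retrieve the contact's Email address
	if strQueryString <> "" AND InStr(strQueryString,"=") = 0 then
		' The value comes straight from the request, so it is only accepted when
		' it is a plain mailbox name; otherwise the default recipient is kept.
		if IsSafeLocalPart(strQueryString) then
			' Assume the recipient has an address @hanifin.net
			strContactEmail = strQueryString & "@hanifin.net"

			' Define the name
			strContact = UCase(Left(strQueryString,1)) & Mid(strQueryString,2)
			SELECT CASE LCase(strQueryString)
				CASE "brian", "dave", "david", "melissa"
					strContact = strContact & " " & "Hanifin"
			END SELECT
		end if
	elseif Request("mid") <> "" then
		' Retrieve the Contact Info from the Message database
		Call GetRecipientFromMessage(Request("mid"))
	elseif Request("gid") <> "" then
		' Retrieve the Contact Info from the Guestbook database
		Call GetRecipientFromGuestbook(Request("gid"))
	end if
END SUB

' Looks up the guestbook entry intID and uses its name and address as recipient.
' intID arrives from the request, so it is accepted only as a run of digits and
' converted with CLng before it is placed in the SQL text. Any other value leaves
' the default recipient in place and runs no query.
PUBLIC SUB GetRecipientFromGuestbook(ByVal intID)
	if NOT IsRecordID(intID) then exit sub

	' Change the DSN to the Guestbook.
	objDatabase.DSN = Application("GUESTBOOK_DSN")

	' Execute the query
	SET objRS = objDatabase.RSOpen("SELECT name, email FROM log WHERE id=" & CLng("" & intID) & ";")

	' Retrieve the values.
	if NOT objRS.EOF then
		strContact      = objRS("name")
		strContactEmail = objRS("email")
	end if

	' Close the recordset.
	objDatabase.RSClose()
	SET objRS = nothing

	' Reset the DSN.
	objDatabase.DSN = Application("BULLETIN_DSN")
END SUB

' Looks up the bulletin message intID and uses its author as recipient; when the
' visitor gave no subject, the message title is reused with an "RE: " prefix.
' intID arrives from the request, so it is accepted only as a run of digits and
' converted with CLng before it is placed in the SQL text. Any other value leaves
' the default recipient in place and runs no query.
PUBLIC SUB GetRecipientFromMessage(ByVal intID)
	if NOT IsRecordID(intID) then exit sub

	' Execute the query
	SET objRS = objDatabase.RSOpen("SELECT fldName, fldEmail, fldTitle, fldBody FROM tblBulletin WHERE fldAuto=" & CLng("" & intID) & ";")

	if NOT objRS.EOF then
		strContact      = objRS("fldName")
		strContactEmail = objRS("fldEmail")
		if strSubject = "" then
			strSubject = objRS("fldTitle")
			'strMessage = objRS("fldBody")

			' Prepend a "regarding" marker before the message subject
			if UCase(Left(strSubject,2)) <> "RE" then strSubject = "RE: " & strSubject
		end if
	end if

	' Close the recordset.
	objDatabase.RSClose()
	SET objRS = nothing
END SUB

' Page entry point: screens the request, loads the form values, resolves the
' recipient and, for a valid submission, sends the mail, logs it and remembers
' the sender's name and address in the "Hanifin" cookie.
PUBLIC SUB Initialize()
	' Try to work past the error. The user doesn't need to see the detailed report.
	if ERROR_HANDLING_ENABLED then ON Error Resume Next

	' Test for banned content (e.g. "Content-Type: ") used by hackers.
	if NOT RequestHasBannedContent() then
		' Retrieve the form values
		FormToLocals()

		' Retrieve the recipient's contact information
		GetRecipient()

		' When the form is submitted
		if bolSubmitted then
			' SECURITY MEASURE: don't send the message if the referrer is not the localhost!
			' NOTE(review): this is a substring match on a header the client sets,
			' so it is true for any Referer that merely contains "hanifin.net" and
			' cannot be relied on to prove the post came from this site. A
			' per-session form token checked here would be the stronger control.
			' A failed check ends silently: no mail, no error message.
			if InStr(Request.ServerVariables("HTTP_REFERER"),"hanifin.net") > 0 then
				' Validate the form
				intErrorCount = ValidateForm()

				' If there are no errors, send the Email
				if intErrorCount = 0 then
					SendEmail()

					' Only log my personal Emails
					if strContactEmail = "brian@hanifin.net" then Call WriteLog(LOG_FILE, GetLogBody())

					' Store the user's contact info in cookies
					Response.Cookies("Hanifin")("Name")  = strName
					Response.Cookies("Hanifin")("Email") = strEmail
				end if
			end if
		else
			' Set default form values
			strName  = Request.Cookies("Hanifin")("Name")
			strEmail = Request.Cookies("Hanifin")("Email")
			bolCC    = TRUE
		end if
	else
		response.end
	end if

	' When an error occurs, display a friendly error message and notify the development team so action can be taken.
	if Err.Number <> 0 then
		SELECT CASE Err.Number
			CASE 3021
				if strQueryString <> "" then
					strSpecialError = "We're sorry, this message has been deleted so we are unable to retrieve that user's Email address. If you'd like you may contact the webmaster instead."
				end if
			CASE ELSE
				' Set the properties of the SiteLab.Errors Object.
				objErrors.ErrorsTo    = Application("EMAIL_DEVELOPER")
				objErrors.Description = Application("SITE_DESCRIPTION")

				' Execute the error handler.
				objErrors.RunErrorHandler(Err)
		END SELECT
	end if
END SUB

' Returns TRUE when any posted form value or query string value contains the text
' "content-type: " (compared in lower case).
' This is a deny-list for one marker only. It does not look at cookies, although
' FormToLocals and GetRecipient read some fields with Request(...), and it does
' not catch other header names; the line-break removal in SendEmail is what keeps
' request data from adding mail headers.
PRIVATE FUNCTION RequestHasBannedContent()
	DIM key, isBanned
	isBanned = FALSE

	' Form contents...
	for each key in Request.Form
		if InStr(LCase(Request.Form(key)),"content-type: ") > 0 then
			isBanned = TRUE
			exit for
		end if
	next

	' QueryString contents...
	if NOT isBanned then
		for each key in Request.QueryString
			if InStr(LCase(Request.QueryString(key)),"content-type: ") > 0 then
				isBanned = TRUE
				exit for
			end if
		next
	end if

	RequestHasBannedContent = isBanned
END FUNCTION

' Sends the message to strContactEmail through the SiteLab mail helper, with an
' optional copy to the sender.
' Every value that becomes a mail header is reduced to a single line first; the
' subject and recipient may come from the database as well as from the request,
' so this is done here, at the point of use, rather than only on form input.
' The copy goes to whatever address the visitor entered.
PUBLIC SUB SendEmail()
	DIM strCC

	' Define a generic subject when one was not provided by the sender.
	if strSubject = "" then strSubject = "Email from a hanifin.net visitor"

	strContactEmail = StripLineBreaks(strContactEmail)
	strName         = StripLineBreaks(strName)
	strEmail        = StripLineBreaks(strEmail)
	strSubject      = StripLineBreaks(strSubject)

	' CC the sender when requested.
	if bolCC then strCC = strEmail

	' Email contents of form to the recipient
	'CDONTS_Mail strContactEmail, strName, strEmail, strCC, "", strSubject, strMessage
	Call objIO.CDONTS_Mail(strContactEmail, strName, strEmail, strCC, "", strSubject, strMessage)
END SUB

' Verify the form was filled out correctly.
' Returns the number of problems found; the messages are stored in arrError.
PUBLIC FUNCTION ValidateForm()
	' Initialize the error count to 0
	intErrorCount = 0

	if strName = "" then intErrorCount = AddError("Please enter your Name.", intErrorCount)

	if strEmail = "" then
		intErrorCount = AddError("Please enter your Email address.", intErrorCount)
	elseif InStr(strEmail, vbCr) > 0 OR InStr(strEmail, vbLf) > 0 then
		' The address is used as the From and CC header, so a value holding a
		' line break is rejected outright instead of being handed to IsEmail.
		intErrorCount = AddError("You must enter a valid Email address.", intErrorCount)
	elseif NOT objForms.IsEmail(strEmail) then
		intErrorCount = AddError("You must enter a valid Email address.", intErrorCount)
	end if

	if strMessage = "" then intErrorCount = AddError("Please enter a Message.", intErrorCount)

	' Return the value of the error message
	ValidateForm = intErrorCount
END FUNCTION

' Appends strBody, prefixed with the current date and time, to the log file.
' strLogFile is a virtual path; it is normalised to forward slashes, made
' relative to this page when it is neither relative nor rooted, and then mapped
' to a physical path.
PRIVATE SUB WriteLog(ByVal strLogFile, ByVal strBody)
	DIM strLeftChar
	'response.write Server.MapPath(strLogFile)

	' Find the Physical path to the log file
	strLogFile  = Replace(strLogFile, "\", "/")
	strLeftChar = Left(strLogFile, 1)
	' Only prefix "./" when the path starts with neither "." nor "/". The test
	' was written with OR, which is true for every path, so "./" was also put in
	' front of paths that were already relative or rooted.
	If strLeftChar <> "." AND strLeftChar <> "/" Then strLogFile = "./" & strLogFile
	strLogFile = Replace(strLogFile,"//","/")
	strLogFile = Server.MapPath(strLogFile)

	' Add Date/Time
	strBody = objIO.FormatCSV(Now()) & "," & strBody

	' Append the text to the bottom of the file
	Call objIO.WriteFile(strBody, strLogFile)
END SUB

Initialize()
%>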